Vulnerabilities | CRITICAL

Critical Flaws in Everon OCPP Backends Expose Charging Stations

CISA Advisories | 18h ago | 2 min read
Everon, OCPP, CVE-2026-26288, CVE-2026-24696, CVE-2026-20748

Basically, hackers can control electric car chargers due to security flaws.

Quick Summary

Everon OCPP Backends face critical vulnerabilities that allow hackers to control charging stations. This affects electric vehicle users worldwide, risking service disruptions. Everon has announced a platform shutdown to mitigate these issues.

What Happened

Imagine plugging in your electric car only to find that someone else has taken control of the charging station. This alarming scenario is now a reality for users of Everon OCPP Backends, which manage electric vehicle charging stations worldwide. Four critical vulnerabilities have been discovered that allow attackers to gain unauthorized access and disrupt services.

The vulnerabilities stem from issues like missing authentication and insufficient session management. For instance, attackers can impersonate legitimate charging stations, manipulate data, or even conduct denial-of-service attacks. This means they can overwhelm the system, preventing legitimate users from charging their vehicles.

Why Should You Care

If you own an electric vehicle or rely on public charging stations, this news directly impacts you. Imagine arriving at a charging station only to find it offline or malfunctioning due to a cyberattack. Your ability to charge your vehicle could be compromised, leading to frustration and inconvenience.

Moreover, these vulnerabilities can affect the broader energy infrastructure. As electric vehicles become more common, the security of charging stations is crucial for a smooth transition to sustainable transportation. If hackers can disrupt these services, it could undermine public trust in electric vehicles and the entire charging ecosystem.

What's Being Done

In response to these vulnerabilities, Everon has taken the drastic step of shutting down their platform, effective December 1st, 2025. This move aims to protect users from potential exploitation. However, if you are currently using Everon OCPP Backends, here's what you should do:

  • Stop using affected charging stations immediately.
  • Monitor for updates from Everon regarding the situation.
  • Consider alternative charging solutions until the vulnerabilities are addressed.

Experts are closely monitoring the situation to see if attackers will exploit these vulnerabilities before the shutdown. The focus will be on how quickly Everon can implement fixes and restore user confidence in their services.


Pro insight: The vulnerabilities highlight a significant gap in IoT security for critical infrastructure, necessitating immediate attention from stakeholders.

Original article from CISA Advisories (CISA)
